This FAQ describes methods of reviewing and collecting various diagnostic information with the Forum products and outlines what diagnostic information should be provided to Forum Systems Support when reporting a problem.
When reporting a technical issue to Forum Systems Support, please provide the version and serial number of the product as shown on the General Info page of the WebAdmin interface and the diagnostic information outlined below.
Diagnostic Information Available in the WebAdmin Interface:
There are three types of logs available through the WebAdmin interface on the Diagnostics>>Logging>>Internal Logs page: the Audit logs, the System logs, and the Access logs.
Audit Logs: Audit logs track the changes made to the Sentry configuration by an administrator. This log contains a comprehensive view of user activities and policy additions, modifications or deletions.
System Logs: System logs show information about the actual traffic going through the device. This log captures the changes that occur in the life of a document as well as changes in movement for a document. As a request is received by the system and the document passes through various processes, tracking messages are written to the System log.
Access Logs: The Access logs show a single line for each completed transaction, showing the client IP, the URI used, the HTTP method, the response code, and other helpful information. The session ID field in each line links to the full transaction details in the System log. The Access logs are very helpful for finding specific transactions quickly, especially when the System log is at DEBUG level.
Notes on the Internal Logs:
- Each log can be downloaded in the following formats: XML, Plain Text, and HTML.
- Each log can be downloaded with the following compression formats: ZIP and GNU ZIP.
- Additional logging settings including: max log file size, display preferences, and days to keep the logs can be found on the Diagnostics>>Logging>>Settings page of the WebAdmin interface.
- You can configure Sentry to always log specific error message or never log specific error messages based on specific error codes.
- The default logging level is INFO for both the Audit and System logs. This is the logging level recommended for the System log in production environments. Forum Systems only recommends using DEBUG logging when there are reported issues in need of troubleshooting.
- The internal logs can also be sent off of the system via a Remote Syslog Policy.
More information on the logging available with Sentry, including a listing of error codes and information on the Remote Syslog policies, can be found in the Sentry v8.1 Logging Guide.
Diagnostics Information Available in the Forum CLI (appliances only):
The hidden "runDiagnostics" command (requires Enable mode) will gather and compress internal logs. The command will then allow administrators to download the data via Zmodem transfer, which is helpful if there is no WebAdmin interface accessible. The Zmodem transfer will only work with serial console access to the CLI (not via SSH).
If the administrator does have WebAdmin access, you can download the diagnostics file from the Diagnostics>>Logging>>Diagnostic File page in the WebAdmin interface. If this page does not exist, log out and log back in after running the command.
Note that it is best to run the "runDiagnostics" command BEFORE rebooting the appliance whenever possible.
To view the Internal Logs via the CLI run the "show log" command and follow the onscreen instructions.
The following CLI commands can also be useful in troubleshooting issues:
Diagnostics to send to Forum Systems Support
1. Serial number and version of Sentry.
2. System and Audit logs - Download and send the Sentry Audit and System logs from any of the days the issues has occurred. If the problem is reproducible, please set the System log threshold to DEBUG mode and reproduce the problem, download the System log, and then set the threshold back to INFO or WARNING level.
3. The Diagnostics file, as captured with the runDiagnostics command.
4. If the issue is network related, please provide the outputs of the following CLI commands:
5. If the issue is network related or an SSL handshake issue, it may be beneficial to capture the packets using the Packet Capture feature on the Diagnostics>>Logging>>Packet Capture screen of the WebAdmin interface.
6. Applicable responses to the troubleshooting questions / steps listed below.
The following are general troubleshooting questions and steps to take when reporting an issue to Forum Systems Support.
1. What version of Sentry is being used? You can find this on the General Info page of the WebAdmin interface.
2. Please provide a detailed description of the issue, including as much information about reproducing the issue and the environment (load balancers, routing details, etc..) as possible.
3. When did the problems begin? Were there any recent changes to the Sentry configuration or to the environment that might have triggered the issue?
4. Are the issues occurring on multiple Sentry instances?
5. Is the issue reproducible or is this a sporadic issue?
6. When the failures were occurring, what information was being returned to the client? Or was the client simply timing out?
7. Were there any issues reported with the backend servers that Sentry is communicating with?
8. Is Sentry configured for any of the following: archiving, LDAP auth, SiteMinder auth, or WS Reports to a local database?
All diagnostic information should be sent to email@example.com or submitted with a new support ticket. If necessary this information can be FTP'd to Forum Systems, contact firstname.lastname@example.org for the FTP site credentials.